1

Generate SSL Certificate using

the KeyStore Explorer GUI

SSL GENERATE GUIDE

DIALEXIA COMMUNICATIONS INC

395 Av. Sainte-Croix #200
Saint-Laurent, Qc
Canada H4N 2L3
1 (514) 693-8500
© 2021 All Rights Reserved [email protected]
 2

Contents

About the guide ...................................................................................................................................... 3

Creating and generate SSL ...................................................................................................................... 4
Step 1: Generate a Key Pair................................................................................................................. 4
Step 2: Generate a SRC (Certificate Signature Request) ...................................................................... 9
Step 3: Import a CA Reply into a Key Pair.......................................................................................... 11
Step 4: Configure the Enterprise Server to use Keystore ................................................................... 15

© 2021 All Rights Reserved

 3

About the guide

This brief guide provides step-by-step instructions for generate a new SSL Certificate for Hero,
Dial-Gate and Dial-Office, using the KeyStore Explorer GUI tool.

The following topics are covered:

• Step 1: Generate a Key Pair.

• Step 2: Generate SRC (Certificate Signature Request).

• Step 3: Import CA Reply into a Key Pair.

• Step 4: Configure the Enterprise Server to Use The Keystore.

© 2021 All Rights Reserved

 4

Creating and generate SSL

To use the KeyStore Explorer GUI, download and install the tool as an administrator.
Follow the steps below to create keys or certificates from scratch using KeyStore Explorer GUI.

Step 1: Generate a Key Pair

1. Start KeyStore Explorer.
2. Choose Create a new KeyStore.

3. From New KeyStore Type, choose JKS.

© 2021 All Rights Reserved

 5

4. Click OK.

5. To generate a key pair go to tools:

a. Select Tools > Generate Key Pair.

b. In Generate Key Pair, choose the following Algorithm Selection options:

✓ RSA
✓ Key Size: 2048
c. Press OK button.

Generating Key Pair dialog appears, then disappears, after key is generated.

© 2021 All Rights Reserved

 6

d. From Generate Key Pair Certificate, click the Edit name icon

e. Complete the Name fields:

✓ For Common Name (CN): use the Fully Qualified Domain Name (FQDN) of
your server. For example: sip.dialexia.com.

✓ Organizational unit (OU): Use this field to differentiate between divisions

within an organization. For example, "Communications", "Engineering"
or "Human Resources." If applicable, you may enter the DBA (doing
business as) name in this field.

✓ Organization Name (O): The name under which your business is legally
registered. The listed organization must be the legal registrant of the
domain name in the certificate request. If you are enrolling as an
individual, please enter the certificate requestor's name in the
"Organization" field, and the DBA (doing business as) name in the
"Organizational Unit" field.

✓ Locality Name (L): Name of the city in which your organization is

registered/located. Please spell out the name of the city. Do not
abbreviate.

✓ State Name (SN): Name of state or province where your organization is

located. Please enter the full name. Do not abbreviate.

✓ Country (C): The two letter International Organization for

Standardization (ISO) format country code for the country in which your
organization is legally registered.

© 2021 All Rights Reserved

 7

✓ Email (E): Can be empty, if you need it, enter the email of your technical
service or the info company email

f. Click OK to confirm.

g. And click OK again onto Generate Key Pair Certificate dialog

h. The New Key Pair Entry Alias appears, enter a key pair name alias.
The alias is pre-set to the CN set in the Name dialog, change it if needed.
i. Click OK.

j. In New Key Pair, enter a password.

k. Click OK.

The Generate Key Pair dialog displays "Key Pair Generation Successful".

Note: Save this password and use it as the password for the entire keystore in step 7 below.

© 2021 All Rights Reserved

 8

6. Click OK, in Key Pair Generation Successful. The new key pair is displayed in the KeyStore
Explorer window.

7. Save the keystore:

a. From the KeyStore Explorer menu, select File > Save.

The Set KeyStore Password dialog appears.

b. Enter a password for the keystore. This password must be the same as the password
for the key pair generated in step 5 above.

c. Click OK.
The Save KeyStore As dialog appears.

© 2021 All Rights Reserved

 9

d. Enter the name of the keystore. Suggested name format for easy identification of your
keystores: sip_dialexia_com.jks or sip_mydomain_com.jks
e. Click Save.

Your keystore file is saved to your computer.

Step 2: Generate a SRC (Certificate Signature Request)

1. Right-click in the key pair entry.

2. Choose Generate CSR.

© 2021 All Rights Reserved

 10

3. The Unlock Entry dialog appears, you must enter your Keystore password (same
password as Steps 5 and 7 above, and click OK,

4. The Generate CSR dialog appears.

(Optional) Enter an additional values. Click OK.

The CSR Generation Successful dialog appears.

5. Click OK.
6. Once the CRS Generate file is save it, go to the corresponding file in local machine and
open the tomcat.csr. Copy and paste the generated CSR and send it to your certificate
authority.
7. After approved by you CA please downloaded the certificates or ZIP file to your local
machine

© 2021 All Rights Reserved

 11

Step 3: Import a CA Reply into a Key Pair

1. Right-click on the Key Pair entry in the KeyStore Entries table. Select Import CA Reply >
From File or From Clipboard from the pop-up menu.

2. If required the Unlock Entry dialog will be displayed. Enter the Key Pair entry's password
and press the OK button.

3. The Import CA Reply dialog appears

4. Select the required CA Reply file sip.dialexia.com (Should be your domain name).

© 2021 All Rights Reserved

 12

5. Click on the Open button.

6. The dialog CA Replay Import Successful will be displayed, click OK to confirm

7. Return to the drive and folder where the CA Reply file is stored.
8. Select, drag and drop files gd_cross_intermediate and gd_intermediate onto main screen
of your Keystore Explorer
9. The dialog Certificate Details for File “gd_cross_intermediate.crt“ appears
10. Click on the Import button to display the second dialog Trusted Certificate Entry Alias

© 2021 All Rights Reserved

 13

11. Rename you alias to the “cross” and click OK (If alias has a default enter you can keep it)

12. Confirm by OK again in the first Dialog

13. The dialog CA Replay Import Successful will be displayed, click OK to confirm

© 2021 All Rights Reserved

 14

14. Do the same steps by starting with the second file dialog. The Certificate Details File
“gd_intermediate.crt“ appears
15. Click on the Import button to display the second dialog Trusted Certificate Entry Alias

16. Rename you alias to the “intermed” and click OK (If alias has a default enter you can keep
it)

© 2021 All Rights Reserved

 15

17. Confirm by OK again in the first Dialog

18. The dialog CA Replay Import Successful will be displayed, click OK to confirm

19. Finally choose Save or Save As to save your Keystore

20. Your keystore file is complete and ready to be imported into your enterprise server.

Step 4: Configure the Enterprise Server to use Keystore

21. Copy the keystore and certificates files to …\Dialexia\Dial-Gate Sip or Hero\tomcat\conf
22. When you have completed installing your certificate, you must configure your Tomcat
server.xml configuration file to point to the correct keystore file (*.keystore, *.jks or *.pfx
… etc).
23. Open server.xml file, and scroll to the section "Define a SSL HTTP/1.1 Connector on port
443"
24. Replace gate.key or DialWeb.keystore with your keystore and add the Key password
appropriated (clientAuth="false" sslProtocol="TLS" keystoreFile="conf/ tomcat.keystore"
keystorePass="Key password">)
25. Verify the XML file is ok, by openning it with a web browser.
26. Before restarting Tomcat make sure to delete the localhost folder under the following
directory (…\Dialexia\Dial-Gate Sip or Hero\tomcat\work\Catalina)
27. Restart Tomcat (Web Server Service)

You may now proceed with generate SSL using KeyStore Explorer GUI! For any questions in
regards to the SSL steps generation, contact our support team at [email protected]

© 2021 All Rights Reserved